Help
FortiAnalyzer
FortiAnalyzer can receive logs and Windows host events directly from endpoints connected to EMS, and you can use FortiAnalyzer to analyze the logs and run reports.
Shilpa1
Staff
Staff

Created on ‎09-28-2015 02:06 AM Edited on ‎12-04-2025 09:44 PM By Community Manager

Article Id 196890

Technical Tip: How to display the source MAC addresses of 'devices' in logs in FortiAnalyzer

Description

 

This article describes that, by default, the source MAC addresses of 'devices' do not appear in logs, and the Source MAC column will be empty.


 

Scope

 

FortiAnalyzer.


Solution


To see this information, enable 'Device detection' under Network -> Interfaces, edit the interface, then under Network enable 'Device detection'.

 
The Source MAC address column can now be populated.
 

 

Note:

The device must be connected directly. If there is a switch in between, the user may see the MAC address entry of the switch in the logs.

 

Related article:

Technical Tip: Same MAC Address/Hostname is seen in forward logs for different end users in FortiGat...

11605
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.